How to configure SSH on Cisco Routers and Switches

Once you complete the initial setup and configuration of your Cisco switch or router from the console, you may want to manage the device remotely. Using Telnet is a security risk because passwords and commands are sent over the network in cleartext and can easily be intercepted. You should therefore disable Telnet and allow only SSH for remote management.

Assuming you have already completed initial configuration of your Cisco device by console, the steps for SSH configuration on a Cisco Switch are:

1) Set the hostname and domain name

2) Generate RSA keys for encryption

OTGswitch(config)# crypto key generate rsa
The name for the keys will be: OTGswitch.OTG.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:

5) Set time-out interval

This sets a timeout interval of 5 minutes, so your session expires after 5 minutes if you leave it idle.

Also extend this to VTYs 0 to 15 if your device supports 16 VTYs.

Now you can check SSH from a remote client. Optionally you can use access control lists to limit the sub-networks from which remote access is permitted.

The above procedure to enable SSH works on Cisco Switches running IOS. The same can be applied to Cisco Routers as well. The key thing to bear in mind is to find out how many simultaneous remote sessions (VTYs) are supported in your IOS version.
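
To check the result of the procedure, the following added example (not part of the original article and not Cisco code) audits the VTY lines in a saved running-config for SSH-only transport, an explicit idle timeout, an inbound access list, and coverage of all 16 VTYs. The embedded configuration, the ACL number and its subnet are constructed; the function names are hypothetical.

```python
import re

# Constructed running-config excerpt (not from the article): VTY 0-4 is
# hardened, VTY 5-15 was left alone, the gap the article warns about.
SAMPLE_CONFIG = """\
hostname OTGswitch
ip domain-name OTG.com
ip ssh version 2
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 10 in
 exec-timeout 5 0
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

def parse_vty_blocks(config):
    """Return {(first, last): [subcommands]} for every 'line vty' block."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", line)
        if m:
            current = blocks.setdefault((int(m[1]), int(m[2] or m[1])), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit_vty(config, vty_count=16):
    """List findings per VTY range; a missing 'transport input' line is flagged too."""
    findings, covered = [], set()
    for (first, last), cmds in sorted(parse_vty_blocks(config).items()):
        name = f"vty {first}-{last}"
        covered.update(range(first, last + 1))
        if "transport input ssh" not in cmds:
            findings.append(f"{name}: transport is not SSH-only")
        timeout = [c for c in cmds if c.startswith("exec-timeout ")]
        if not timeout or timeout[0].split()[1:] == ["0", "0"]:
            findings.append(f"{name}: exec-timeout missing or disabled")
        if not any(c.startswith("access-class ") and "in" in c.split()[2:] for c in cmds):
            findings.append(f"{name}: no inbound access-class")
    missing = sorted(set(range(vty_count)) - covered)
    if missing:
        findings.append(f"vty lines not configured: {missing}")
    return findings
```

Calling audit_vty(SAMPLE_CONFIG) reports the three gaps on VTY 5-15; pass vty_count=5 for a device that only supports VTY 0 to 4.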